Method and system for real-time visualization of network flow within network device

US 9,350,622 B2
Filed: 02/22/2013
Issued: 05/24/2016
Est. Priority Date: 07/06/2006
Status: Active Grant

First Claim

Patent Images

1. A method for network flow visualization, comprising:

displaying a network topology in a graphical user interface on a display of a computer, the network topology including graphical representations of multiple network devices, of internal interfaces within the multiple network devices, and of network connections between the multiple network devices;

acquiring a plurality of network flow records from each of the multiple network devices for a specified period of time,wherein each of the plurality of network flow records is generated by a corresponding one of the multiple network devices and is uniquely associated with the corresponding one of the multiple network devices and is stored by the corresponding one of the multiple network devices,wherein each of the plurality of network flow records includes information about a corresponding network flow through the corresponding one of the multiple network devices, andwherein each of the plurality of network flow records is generated and stored separate from data of the corresponding network flow, andwherein each of the plurality of network flow records includes data fields for1) an identifier of the ingress interface through which the corresponding network flow entered the corresponding one of the multiple network devices, and2) an identifier of an egress interface through which the corresponding network flow exited the corresponding one of the multiple network devices or an identifier of an internal interface at which the corresponding network flow terminated within the corresponding one of the multiple network devices, and3) an internet protocol source address for the corresponding network flow, and4) an internet protocol destination address for the corresponding network flow, and5) a source port for the corresponding network flow, and6) a destination port for the corresponding network flow;

correlating separate ones of the plurality of network flow records based on content of the data fields so as to create a common network data communication flow record as a combination of the correlated separate ones of the plurality of network flow records for the specified period of time,wherein each of the separate ones of the plurality of network flow records within the common network data communication flow record has1) identical content in the data field for the internet protocol source address for the corresponding network flow, and2) identical content in the data field for the internet protocol destination address for the corresponding network flow, and3) identical content in the data field for the source port for the corresponding network flow, and4) identical content in the data field for the destination port for the corresponding network flow;

repeating the correlating of separate ones of the plurality of network flow records based on content of the data fields so as to create a plurality of common network data communication flow records for the specified period of time;

aggregating some of the plurality of common network data communication flow records based on identical content in one or more data fields of the plurality of common network data communication flow records to create an aggregated network communication flow record for the specified period of time; and

rendering, on the display, an animation of a graphical representation of the aggregated network communication flow record for the specified period of time, wherein the animation of the graphical representation of the aggregated network communication flow record is rendered in lieu of rendering graphical representations of the plurality of common network data communication flow records represented by the aggregated network communication flow record, the animation of the graphical representation of the aggregated network communication flow record including one or more arrows to represent a data communication path traversed through the network topology by network flows represented by the aggregated network communication flow record, wherein the animation of the graphical representation of the aggregated network communication flow record includes at least one arrow depicting a segment of the data communication path traversed inside of at least one of the multiple network devices; and

providing a control within the graphical user interface to control a temporal progression through the animation of the graphical representation of the aggregated network communication flow record, including pausing of the animation at a selected time within the specified period of time.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network topology is displayed in a graphical user interface on a display of a computer. The network topology includes graphical representations of multiple network devices, of internal interfaces within the multiple network devices, and of network connections between the multiple network devices. A record of a network flow within a particular network device of the multiple network devices is acquired in real time upon transmission of the network flow within the particular network device. A graphical representation of a transmission path of the network flow within the particular network device is rendered in real time on the display based on the record of the network flow.

213 Citations

20 Claims

1. A method for network flow visualization, comprising:
- displaying a network topology in a graphical user interface on a display of a computer, the network topology including graphical representations of multiple network devices, of internal interfaces within the multiple network devices, and of network connections between the multiple network devices;
  
  acquiring a plurality of network flow records from each of the multiple network devices for a specified period of time,wherein each of the plurality of network flow records is generated by a corresponding one of the multiple network devices and is uniquely associated with the corresponding one of the multiple network devices and is stored by the corresponding one of the multiple network devices,wherein each of the plurality of network flow records includes information about a corresponding network flow through the corresponding one of the multiple network devices, andwherein each of the plurality of network flow records is generated and stored separate from data of the corresponding network flow, andwherein each of the plurality of network flow records includes data fields for1) an identifier of the ingress interface through which the corresponding network flow entered the corresponding one of the multiple network devices, and2) an identifier of an egress interface through which the corresponding network flow exited the corresponding one of the multiple network devices or an identifier of an internal interface at which the corresponding network flow terminated within the corresponding one of the multiple network devices, and3) an internet protocol source address for the corresponding network flow, and4) an internet protocol destination address for the corresponding network flow, and5) a source port for the corresponding network flow, and6) a destination port for the corresponding network flow;
  
  correlating separate ones of the plurality of network flow records based on content of the data fields so as to create a common network data communication flow record as a combination of the correlated separate ones of the plurality of network flow records for the specified period of time,wherein each of the separate ones of the plurality of network flow records within the common network data communication flow record has1) identical content in the data field for the internet protocol source address for the corresponding network flow, and2) identical content in the data field for the internet protocol destination address for the corresponding network flow, and3) identical content in the data field for the source port for the corresponding network flow, and4) identical content in the data field for the destination port for the corresponding network flow;
  
  repeating the correlating of separate ones of the plurality of network flow records based on content of the data fields so as to create a plurality of common network data communication flow records for the specified period of time;
  
  aggregating some of the plurality of common network data communication flow records based on identical content in one or more data fields of the plurality of common network data communication flow records to create an aggregated network communication flow record for the specified period of time; and
  
  rendering, on the display, an animation of a graphical representation of the aggregated network communication flow record for the specified period of time, wherein the animation of the graphical representation of the aggregated network communication flow record is rendered in lieu of rendering graphical representations of the plurality of common network data communication flow records represented by the aggregated network communication flow record, the animation of the graphical representation of the aggregated network communication flow record including one or more arrows to represent a data communication path traversed through the network topology by network flows represented by the aggregated network communication flow record, wherein the animation of the graphical representation of the aggregated network communication flow record includes at least one arrow depicting a segment of the data communication path traversed inside of at least one of the multiple network devices; and
  
  providing a control within the graphical user interface to control a temporal progression through the animation of the graphical representation of the aggregated network communication flow record, including pausing of the animation at a selected time within the specified period of time.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as recited in claim 1, wherein each of the plurality of network flow records identifies other internal interfaces within the corresponding one of the multiple network devices to which the corresponding network flow was transmitted.
  - 3. The method as recited in claim 2, wherein the other internal interfaces includes a local interface at which the corresponding network flow was terminated within the corresponding one of the multiple network devices.
  - 4. The method as recited in claim 1, wherein the multiple network devices includes a router, and wherein a given network flow record is generated for a packet of network traffic that is forwarded within the router.
  - 5. The method as recited in claim 1, further comprising:
    - filtering the plurality of network flow records based on one or more network flow parameters to identify a filtered set of the plurality of network flow records; and
      
      rendering, on the display, graphical representations of transmission paths of the filtered set of the plurality of network flow records.
  - 6. The method as recited in claim 5, further comprising:
    - rendering, on the display, a control graphical user interface for defining, saving, and applying the filtering of the plurality of network flow records.
  - 7. The method as recited in claim 6, wherein the one or more network flow parameters include one or more of a DSCP (Differentiated Services Code Point), port, IP (Internet Protocol) address, layer 4 protocol, bit rate range, byte range, VLAN (Virtual Local Area Network) tag parameter, MAC (Media Access Control) parameter, and TCP (Transmission Control Protocol) flag field.
  - 8. The method as recited in claim 5, further comprising:
    - modifying an appearance of one or more of the graphical representations of the transmission paths of the filtered set of the plurality of network flow records based on network flow parameters.
  - 9. The method as recited in claim 1, wherein each of the plurality of network flow records includes information about a corresponding layer 2 network flow.
  - 10. The method as recited in claim 9, wherein the corresponding layer 2 network flow is transmitted through a VLAN (Virtual Local Area Network).
  - 11. The method as recited in claim 1, wherein each of the plurality of network flow records is defined in either a NetFlow format, or an IPFIX (Internet Protocol Flow Information Export) format, or a combination of NetFlow and IPFIX formats.

12. A system for network flow visualization, comprising:
- multiple network devices operating to transmit multiple network flows through a network, each of the multiple network devices including one or more internal interfaces; and
  
  a computer operating to display a network topology of the network in a graphical user interface on a display connected to the computer, the network topology including graphical representations of the multiple network devices, of internal interfaces within the multiple network devices, and of network connections between the multiple network devices,the computer operating to acquire a plurality of network flow records from each of the multiple network devices for a specified period of time,wherein each of the plurality of network flow records is generated by a corresponding one of the multiple network devices and is uniquely associated with the corresponding one of the multiple network devices and is stored by the corresponding one of the multiple network devices,wherein each of the plurality of network flow records includes information about a corresponding network flow through the corresponding one of the multiple network devices, andwherein each of the plurality of network flow records is generated and stored separate from data of the corresponding network flow, andwherein each of the plurality of network flow records includes data fields for1) an identifier of the ingress interface through which the corresponding network flow entered the corresponding one of the multiple network devices, and2) an identifier of an egress interface through which the corresponding network flow exited the corresponding one of the multiple network devices or an identifier of an internal interface at which the corresponding network flow terminated within the corresponding one of the multiple network devices, and3) an internet protocol source address for the corresponding network flow, and4) an internet protocol destination address for the corresponding network flow, and5) a source port for the corresponding network flow, and6) a destination port for the corresponding network flow;
  
  the computer operating to correlate separate ones of the plurality of network flow records based on content of the data fields so as to create a common network data communication flow record as a combination of the correlated separate ones of the plurality of network flow records for the specified period of time,wherein each of the separate ones of the plurality of network flow records within the common network data communication flow record has1) identical content in the data field for the internet protocol source address for the corresponding network flow, and2) identical content in the data field for the internet protocol destination address for the corresponding network flow, and3) identical content in the data field for the source port for the corresponding network flow, and4) identical content in the data field for the destination port for the corresponding network flow;
  
  the computer operating to repeat the correlating of separate ones of the plurality of network flow records based on content of the data fields so as to create a plurality of common network data communication flow records for the specified period of time;
  
  the computer operating to aggregate some of the plurality of common network data communication flow records based on identical content in one or more data fields of the plurality of common network data communication flow records to create an aggregated network communication flow record for the specified period of time, andthe computer operating to render on the display an animation of a graphical representation of the aggregated network communication flow record for the specified period of time, wherein the animation of the graphical representation of the aggregated network communication flow record is rendered in lieu of rendering graphical representations of the plurality of common network data communication flow records represented by the aggregated network communication flow record, the animation of the graphical representation of the aggregated network communication flow record including one or more arrows to represent a data communication path traversed through the network topology by network flows represented by the aggregated network communication flow record, wherein the animation of the graphical representation of the aggregated network communication flow record includes at least one arrow depicting a segment of the data communication path traversed inside of at least one of the multiple network devices, andthe computer operating to provide a control within the graphical user interface to control a temporal progression through the animation of the graphical representation of the aggregated network communication flow record, including pausing of the animation at a selected time within the specified period of time.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The system as recited in claim 12, wherein each of the plurality of network flow records identifies other internal interfaces within the corresponding one of the multiple network devices to which the corresponding network flow was transmitted.
  - 14. The system as recited in claim 13, wherein the other internal interfaces includes a local interface at which the corresponding network flow was terminated within the corresponding one of the multiple network devices.
  - 15. The system as recited in claim 12, wherein the multiple network devices includes a router, and wherein a given network flow record is generated for a packet of network traffic that is forwarded within the router.
  - 16. The system as recited in claim 12, wherein the computer operates to filter the plurality of network flow records based on one or more network flow parameters to identify a filtered set of the plurality of network flow records, and the computer operating to render on the display graphical representations of transmission paths of the filtered set of the plurality of network flow records.
  - 17. The system as recited in claim 16, wherein the computer operates to render on the display a control graphical user interface for defining, saving, and applying the filtering of the plurality of network flow records.
  - 18. The system as recited in claim 17, wherein the one or more network flow parameters include one or more of a DSCP (Differentiated Services Code Point), port, IP (Internet Protocol) address, layer 4 protocol, bit rate range, byte range, VLAN (Virtual Local Area Network) tag parameter, MAC (Media Access Control) parameter, and TCP (Transmission Control Protocol) flag field.
  - 19. The system as recited in claim 16, wherein the computer operates to modify an appearance of one or more of the graphical representations of the transmission paths of the filtered set of the plurality of network flow records based on network flow parameters.
  - 20. The system as recited in claim 12, wherein each of the plurality of network flow records is defined in either a NetFlow format, or an IPFIX (Internet Protocol Flow Information Export) format, or a combination of NetFlow and IPFIX formats.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
LiveAction, Inc.
Original Assignee
LiveAction, Inc.
Inventors
Smith, John Kei, Pierce, Robert
Primary Examiner(s)
Chuang, Jessica

Application Number

US13/774,890
Publication Number

US 20130159865A1
Time in Patent Office

1,187 Days
Field of Search

715/734
US Class Current

1/1
CPC Class Codes

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 43/0829   Packet loss

H04L 43/0852   Delays

H04L 43/087   Jitter

H04L 43/50   Testing arrangements

Method and system for real-time visualization of network flow within network device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

213 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for real-time visualization of network flow within network device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

213 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links